Looking Past the Abstractions: Characterizing Information Flow in Real-World Systems
Abstract: Abstractions have proven essential for us to manage computing systems that are constantly growing in size and complexity. However, as core design primitives are obscured, these abstractions can also engender new security challenges. My research investigates these abstractions and the underlying core functionalities to identify the implicit flow violations in modern computing systems.
In this talk, I will detail my efforts in characterizing flow violations and investigating attacks leveraging them. I will first describe how the "stateless" abstraction of serverless computing platforms masks a reality in which functions are cached in memory for long periods of time, enabling attackers to gain quasi-persistence and how such attacks can be investigated through building serverless-aware provenance collection mechanisms. Then I will further investigate how IoT automation platforms (i.e., Trigger-Action Platforms) abstracts the underlying information flows among rules installed within a smart home. I will present my findings on modeling and discovering inter-rule flow violations through building an information flow graph for smart homes. These efforts demonstrate how practical and widely deployable secure systems can be built through understanding the requirements of systems as well as identifying the root cause of violations of these requirements.
Bio: Pubali Datta is a PhD candidate at the University of Illinois Urbana-Champaign where she is advised by Professor Adam Bates in the study of system security and privacy. Pubali has conducted research on a variety of security topics, including IoT security, serverless cloud security, system auditing and provenance, and EDR systems. Her dissertation is in the area of serverless cloud security, particularly in designing access control and auditing mechanisms for serverless platforms - tailored to meet the design and operational requirements of such systems. She received her Bachelor in Technology in Computer Science & Engineering in 2011 from the West Bengal University of Technology, her Masters of Engineering in Computer Science & Engineering in 2013 from Jadavpur University, and will earn her Ph.D in Computer Science from the University of Illinois Urbana-Champaign in the Spring of 2023. Pubali has participated in graduate internships at Samsung Research America, SRI International and VMware.
A pizza lunch for attendees will be available at 11:45 a.m. in CS 150.